Manager snoops on employee’s personal bank account after employee calls in sick
Early resolved case summary #2015-06
May 22, 2015
- An organization may be in contravention of PIPEDA if an employee accesses another individual’s personal information without a valid business purpose. This would be seen as using information for a purpose other than that for which it was collected. Organizations should ensure that their employees have a clear understanding of the importance of maintaining customer confidentiality and of the consequences of accessing a customer's personal information without a legitimate business need or proper authorization to do so.
- To prevent and address employee snooping, organizations can read our Ten Tips for Addressing Employee Snooping.
Our office communicated with the credit union as part of its early resolution process. The credit union agreed that the manager had accessed the individual’s account without a valid business purpose and that the individual’s personal information was therefore used for a purpose other than that for which it was collected. The credit union indicated that it would address the issue with the manager, who had been frustrated by staffing and performance issues, and would write a letter of apology to the individual.
The individual was satisfied that the credit union committed to addressing the manager’s conduct. The credit union also apologized to the individual for the manager’s actions. She considered the matter early resolved.
Report a problem or mistake on this page
- Date modified: